LISTING OF THE CLAIMS

1-8. (Canceled) 

9. (Currently Amended) A computer-implemented method for establishing an affiliation 
within a single sign-on system, comprising the steps of: 

establishing one or more affiliations of computer-implemented service providers, 
each affiliation acting collectively programmed to act as a single entity on a network for
purposes of any of authentication, federation, and authorization; 

establishing a computer-implemented owner of each said affiliation that
maintains is programmed to maintain a list that shows which service providers are
members of said affiliation, as well as any control structure or meta-data associated with
said affiliation, said owner comprising a shared point of access for said service
providers; and

providing a unique identifier for each said affiliation within said single sign-on
system in which said affiliation is defined; 

wherein trust is established with a user at said shared point of access for 
purposes of authentication and authorization, even if said point of access does not 
share common authentication requirements, by the virtue of said affiliation between said
service providers at said point of access.

10. (Currently Amended) The method of Claim 9, further comprising the steps of: 

each one of multiple principals acquiring a federated identity; 

providing an identity provider programmed to authenticate and vouch for said 
principals.

11. (Currently Amended) The method of Claim 10, further comprising the steps of:

a principal logging into said identity provider; 

said principal visiting a first service provider and federating to said affiliation; and 

said principal then visiting any other service provider within said affiliation without 
having to separately federate to said other service provider providers.

12. (Canceled) 

13. (Original) The method of Claim 9, further comprising the step of: 

providing a discovery service for enabling a web service consumer to discover 
service information regarding a user's personal web services. 

14. (Currently Amended) The method of claim 13, further comprising the step of: 

providing a web service consumer associated with a service provider for 
requesting a service descriptor and assertion for service from said discovery service 
and for presenting an assertion from an said other service provider with affiliate 
information. 

15. (Original) The method of Claim 14, further comprising the step of: 

said discovery service checking said other service provider affiliation and 
generating a service assertion based upon said other service provider affiliation. 

16. (Original) The method of Claim 15, further comprising the step of:

said web service consumer invoking a service with said service assertion via a
web service provider. 

17. (Previously Presented) The method of Claim 9, wherein said affiliation has an 
identifier that is unique within a single sign-on system in which said affiliation is defined. 

18. (Previously Presented) The method of Claim 9, wherein service providers within a 
single sign-on system may be members of multiple affiliations, but are programmed to 
act only with a single affiliation for any given transaction. 

19. (Previously Presented) The method of Claim 9, wherein a user federating with an 
affiliation automatically federates with all members of said affiliation. 

20. (Previously Presented) The method of Claim 9, wherein a user authorizing access 
to a service by said federation authorizes access to any member of said affiliation. 

21. (Previously Presented) The method of Claim 9, further comprising the step of:

providing a unique identifier for every affiliation, and responsive to a service 
provider having a service provider identity requesting an identity of a user through 
different affiliations, said service provider receiving different, unique identifiers for each
affiliation.

22. (Previously Presented) The method of Claim 9, further comprising the step of: 

providing a common identifier to all members of said affiliation when they are 
acting as a part of said affiliation.

23. (Previously Presented) The method of Claim 9, further comprising the step of:

providing an affiliation name identifier for allowing sites to handle an automatic 
federation that take place with all members of said affiliation. 

24. (Previously Presented) The method of claim 9, wherein said network comprises: 

a web services-based service infrastructure in which users manage sharing of 
their personal information across identity providers and service providers. 

25. (Currently Amended) The method of claim 24, wherein said web services 
implement a lightweight protocol for exchange of information in a decentralized, 
distributed environment, and said lightweight protocol comprises an envelope that 
defines a framework for describing what is in a message and how to process it, a set of 
encoding rules for expressing instances of application-defined data types, and a 
convention for representing remote procedure calls and responses. 

26. (Cancelled) 

27. (New) The method of Claim 9, said unique identifier comprising: 

a principal identifier comprising any of the following semantics: 

a name identifier that is unique for any service provider/affiliation
combination;

a name identifier that is issued for the user by the owner of each affiliation 
with which the user federates, wherein said name identifier is provided to all members 
of the affiliation when they are acting as a part of the affiliation; and 

a name identifier that is provided by the affiliation. 